🗂️ Navigation
📁 Infrastructure as Code
📋 IaC Compliance
🔧 Regula

Regula

A tool that evaluates infrastructure as code for security and compliance.

Visit Website →

Overview

Regula is an open-source tool developed by Fugue (now part of Snyk) that checks Terraform and CloudFormation templates for security misconfigurations and compliance violations. It uses Open Policy Agent (OPA) and the Rego query language to define and enforce policies, making it a flexible and powerful tool for IaC security.

✨ Key Features

  • Scans Terraform (HCL and plan JSON) and CloudFormation (YAML/JSON)
  • Uses Open Policy Agent (OPA) and Rego for policies
  • Pre-built library of rules for CIS Benchmarks and other standards
  • Support for custom rules
  • Integration with CI/CD pipelines

🎯 Key Differentiators

  • Based on the powerful and flexible Open Policy Agent (OPA)
  • Allows for expressive and fine-grained custom policies in Rego
  • Strong integration with the OPA ecosystem

Unique Value: Provides a powerful and flexible open-source solution for ensuring IaC compliance.

🎯 Use Cases (4)

IaC compliance checking Security auditing of infrastructure code Enforcing compliance policies in CI/CD Pre-deployment compliance checks

✅ Best For

  • Validating Terraform code against CIS AWS Foundations Benchmark
  • Ensuring Kubernetes manifests comply with organizational policies

💡 Check With Vendor

Verify these considerations match your specific requirements:

  • Runtime security monitoring
  • Vulnerability scanning of application code

🏆 Alternatives

Checkov Terrascan KICS

Its tight integration with OPA makes it a great choice for organizations that want to use a standardized policy language.

💻 Platforms

CLI

✅ Offline Mode Available

🔌 Integrations

GitHub Actions GitLab CI Jenkins CircleCI Conftest

💰 Pricing

Contact for pricing
Free Tier Available

Free tier: Full open-source version is free.

Visit Regula Website →

🔄 Similar Tools in IaC Compliance

Snyk IaC

Find and fix security issues in your Terraform, CloudFormation, Kubernetes, and ARM configurations....

Contact

Checkov

An open-source static analysis tool for scanning infrastructure as code (IaC) files for misconfigura...

Contact

Terrascan

An open-source static code analyzer for Infrastructure as Code....

Contact

KICS by Checkmarx

An open-source solution for static analysis of IaC....

Contact

tfsec

A static analysis security scanner for Terraform code....

Contact

Open Policy Agent

An open-source, general-purpose policy engine....

Contact